A packed new Biden executive order tackles cybersecurity, AI and more


Four days before he leaves office, US President Joe Biden has issued a sweeping cybersecurity executive order directing improvements to the way the government monitors its networks, buys software, uses artificial intelligence and punishes foreign hackers.

The 40-page executive order unveiled Thursday is the Biden White House’s latest attempt to jump-start efforts to harness the security benefits of AI, roll out digital identities for American citizens and close loopholes that have repeatedly helped China, Russia and other adversaries penetrate US government systems.

The order “is designed to strengthen America’s digital foundations and also set the new administration and the country on a path to continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technologies, told reporters Wednesday.

The question of whether President-elect Donald Trump will continue any of these initiatives after he takes the oath of office on Monday looms over Biden’s directive. None of the highly technical projects set out in the order are partisan, but Trump’s advisers may prefer different approaches (or timetables) to solving the problems the order identifies.

Trump has not named any of his top cyber officials, and Neuberger said the White House has not discussed the order with his transition staff, “but we are very happy to, once the incoming cyber team is named, have any discussions during this final transition period.”

At the heart of the executive order is a series of mandates for protecting government networks based on lessons learned from recent major incidents — namely, the security failures of federal contractors.

The order requires software vendors to provide proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency will be tasked with double-checking these security statements and working with vendors to resolve any issues. To put some teeth behind the requirement, the White House Office of the National Cyber Director is “encouraged to refer certifications that are not validated to the Attorney General” for possible investigation and prosecution.

The order gives the Commerce Department eight months to assess the cyber practices most commonly used in the business community and issue guidance based on them. Soon after, those practices will become mandatory for companies that want to do business with the government. The directive also initiates updates to the National Institute of Standards and Technology’s secure software development guidance.

Another part of the directive focuses on protecting cloud platforms’ authentication keys, the compromise of which opened the door to China’s theft of government emails from Microsoft’s servers and its recent supply chain hack of the Treasury Department. Commerce and the General Services Administration have 270 days to develop guidelines for key protection, which would then have to become requirements for cloud vendors within 60 days.

To protect federal agencies from attacks that rely on flaws in Internet of Things devices, the order sets a January 4, 2027 deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.
